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ABSTRACT 



An apparatus and method for ciphering traffic exachanged in 
both directions between a satellite/cellular telephone and a 
ground station networkusing an orbitial satellite. A buffer 
memory is provided at either the mobile telephone station or 
the ground network station or both. The buffer memory is 
used to store the deciphering bits output from a duplex 
ciphering algorithm at the time the ciphering bits are gen- 
erated. The stored ciphering bits are used to decipher a 
later-to-be-received traffic information block. The delay in 
using stored deciphering bits is determined for each call at 
call set-up to the nearest integer number of block periods by 
measuring the loop propagation delay from the ground 
station to the mobile telephone station during an exchange of 
signals at call set-up. 
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Fig. 7 
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Fig. 8 
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USE OF DUPLEX CIPHER ALGORITHMS signals directly to one another. The application discloses 

FOR SATELLITE CHANNELS WITH DELAY reformatting the signals on board the spacecraft when the 

uplink format transmitted by a mobile station is different 

FIELD OF THE DISCLOSURE than the downlink format expected by the mobile stations, 

™ . . -.-.is- i_ j. 5 such reformatting also comprising a delay where necessary 

The j invention concerns ciphering traffic exchanged m t0 permit a time-duplex solution at both mobiles whereby 

both directions between for example a satellite/cellular they m not required to transmit and receive at the same 

telephone and a ground station network using an orbital lime> bm rather in short 5ursts m alternating directions, 

satelhte, in which the loop propagation delay is much longer u s patem applicatioD Ser . No. 08/681,916 entitled 

than the cipher block period. In particular the invention "Method and Apparatus For Enabling Mobile-to-Mobile 

solves the problem of allowing two satellite/cellular tele- Calls in a Communications System", which is incorporated 

phones to communicate directly with each other, thus avoid- herein by reference, discloses the problem of, and a solution 

ing a double-hop delay if the call were relayed through the for, establishing a ciphering key in common between two 

satellite twice using a ground station. mobile stations having different authentication keys. 

nArvrDni tmh nc ttjc men ncnup is ^ use of du P lex ci P her al g° rithms m cellular systems 

BACKGROUND OF THE DISCLOSURE is fof enciphering traffic m both directions using the same 

At the present time, there are many proposals to launch session key is known in the prior art. For example, such an 

orbiting satellites which would support communication with algorithm is described in U.S. patent application Ser. No. 

mobile or handheld phones. FIG. 1 illustrates a block 07/708,876, which is incorporated herein by reference in its 

diagram of a satellite communications system. An orbiting entirety. 

satellite 110 is in communication with at least one ground The GSM di S ital cellular standard employs a duplex 

station or outstations called the HUB 100 as well as with a cl P her algorithm known as A5, the general structure of 

number of portable mobile stations or phones 120. The ^ * described in: "Applied Cryptography-Second 

phones are each serviced by an appropriate antenna beam *f lil ™ I 3 ? B ™T e (]? hn ^ & Sons )" 11115 

c ... , . u . .l . -j' structure is used in this application, 

from a multiple spot -beam antenna on the satellite providing „ „. _ „ r .. . . - 

high gain in the direction of each phone. The HUB com- 25 U : S - Pat No. 5,060,266 de^nbes methods of ensunng 

municates with the satellite using, for example, C-band or continuous synchronization between the block coun ers at 

„ , , c ... . B * ... • t . iL the two ends of a communications link when employing 

K-band frequencies, while the satellite communicates with guch d kx d ^ a i gori thms. This patent is als6 incor- 

the phones using, for example, L-band (uplink) and S-band d herein b rcference m its entirel However, it does 

(downlink) frequencies. While a high percentage of calls 3Q nQt disclose Qr ^ ^ Mem of maintaining synchro . 

would be between fixed (Public Switched Telephone Net- nism at both ends when their aration in translated 

works PSTN or wireline) subscribers and satellite terminals, tQ a Ume dd at ^ d of ^ fa { mmpmd with 

a percentage of calls would be between pairs of satellite the ifed synchronization accuracy. 

terminals. In the latter case, it is desirable to avoid the ITO „ . KT c rtD1 . . 

, , , - lL , . r . . U.S. Pat. No. 5,081,679 discloses means to resynchromze 

double delay or the signal propagating from one terminal to „ U1 , . J c , . 

. i,. . • i j . T«_ a ii - * * *i_ j 35 the block counter used for encryption when a moving station 

the satellite; being relayed by the satelhte to the ground , r / r t .. , 4 , u , f 

. ■ , , i /. . . . . . it • j leaves the service area of one base station and enters that or 

network switch: back from the switch to the satelhte and , . . . , ~, . ... 

n „ - ' ,1. . » . . , iL . another having an unsynchronized counter. This patent is 

finally from the satelhte to the second terminal. With this iuu- * j w <* u 

, ; , , . , t c also hereby incorporated by reference herein in its entirety, 

method, the signal propagates over four tunes the earth- „ ^ £ ^ of ch > a in , he block m 

satellite dKtance, increasing speech delay. 4Q mobile &om a ^ phase (o a hase 

In cellular systems, propagation delays are sufficiently , 0 align the block ^ ^ counter in , new base 

short that a mobile phone can cipher and decipher messages station upon nandoffj but does not disclose or solve the 

using the same block counter value to cipher a transmitted problem of communicating in cipher mode ^ib a base 

block and to decipher a received block, and the network or station at la dislances than the block tick period 

base station can do likewise. In the above mentioned GSM 45 t j mes lbe S p eed 0 f 

system for example the TDMA frame period is approxi- v s p>t _ No _ 5 m 942 and its u. S . Pat . No. 

mately 4.6 ms, which translated to a distance at the speed of c nQn ocn i^^^, mat u rt j t . n c „ fn ui vu-« _ „ rt ^ 

v u* * ♦ tinnis u r> 11 1 11 5,282,250 desenbe methods of establish ing a co mmon ses- 

heht equates to 1380 Km, or 690 Km each way. Cellular cell t , ^ «. i • a u-i * ** 

M , _ A , J . sion key between a network station and a mobile station, 

radii are rarely more than 30 Km, but distances from a , . J #u 4 . . . u . a 

J „. . . ' , . during an authentication process which verifies as genuine 

satelhte phone to a satelhte and down to the ground again c n • j ^ f „ u -, ♦ i # a 

i ~k™m*r i i ■ • ii- Jz^mv r 50 the identity ot a mobile station to a network station and 

can be 2000 KM for low orbiting satellites to 80000 Km for . , # ... , , u ... t . 

& likewise the network station identity to the mobile station, 

geostationary satellites. Both ^ abQve patents are hereby mcorporate d by reference 

A duplex cipher algorithm such as the A5 algorithm i n their entirety herein. The methods described rely upon the 

specified for the European digital cellular system known as mo5ile station ^ the network both having access t0 an 

GSM employs a block counter together with a secret session 55 authentication key or A-key in common, which however it 

key to produce ciphering bits for ciphering traffic data is not wished to expose to attack by releasing it for encrypt- 

blocks. The block counter is incremented for each traffic ing a particular ca n. Neither of the above incorporated 

block, which may be for example a signal burst transmitted patents describes establishing a common key between a first 

once in each Time Division Multiple Access frame period. mo bile and a second mobile which do not have an A-key or 

By the time a signal transmitted from a satellite phone is 60 any information in common, 

transported by the satelhte and is received once more at the The aforemenlioned emissions or deficiencies of the prior 

ground the block counter with which the signal was art afe alleviated when pract i cirj g lhe invention described 

ciphered will be out of data compared to the current block herein 
counter by many block periods. 

U.S. patent application Ser. No. 08/581,110 describes 65 SUMMARY OF THE DISCLOSURE 

avoiding the double-hop delay for communication between According to a first aspect of the invention, a buffer 

two mobile stations via an orbiting satellite by relaying their memory is provided at either the mobile telephone station or 
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the ground network station or both. The buffer memory is FIG. 2 illustrates a prior art block-counter based cipher; 

used to store the deciphering bits output from a duplex FIG. 3 illustrates an exemplary duplex cipher algorithm; 

ciphering algorithm at the time the ciphering bits are gen- FIG. 4 illustrates the number of clock cycles applied for 

erated. The stored ciphering bits are used to decipher a generating ciphering and deciphering bits; 

later-to-be-received traffic information block. The delay in 5 pjQ 5 illustrates a GSM TOMA burst format; 

using stored deciphering bits is determined for each call at , .„ 

call set-up to the nearest integer number of block periods by FI °: 6 illustrate a modified duplex cipher machine 

measuring the loop propagation delay from the ground according to one embodiment of the present mvention; 

station to the mobile telephone station during an exchange of FIG - 7 15 a flow cnart illustrating one embodiment of the 

signals at call set-up. 10 present invention; 

According to a second aspect of the invention, a buffer FIG * 8 is a flow chart illustrating another embodiment of 

memory is provided at a first and a second mobile satellite tne P resenl invention; 

telephone station. The buffer memory is used at the first FIG. 9 illustrates the use of a block counter in an address 

mobile station for storing a first output from a duplex generator according to one embodiment of the present 

ciphering algorithm while using a second output for cipher- 15 invention; 

ing transmissions. The buffer memory at the second mobile FIG. 10 illustrates an alternative implementation; 

satellite telephone station is used for storing the second FIG. 11 illustrates saving earlier block counter values; and 

output from an identical duplex ciphering algorithm while FIG. 12 is a flow chart illustrating another embodiment of 

using the first output for ciphering transmissions. The stored t he p resen t invention, 

outputs from the ciphering algorithms are then recalled at 20 

both mobile stations after a delay of a whole number of DETAILED DESCRIPTION 

block periods and used for deciphering signals received nG 2 illustrates a rior art d lex ci ner employed to 

from each other. The delay is determined by a ground cipher a transmitted signal and to decipher a received signal, 

network station durmg exchange of signals with _both mobile A bJock 10 ^ mcttm&nicd b iy the 51ock 

stations at call set-up, whereby the first mobile station is 25 ^ ^ ^.^ ^ ^ ^ ^ Qf & ^ 

identified as originating the call and stores the first cipher d - u yalue CQUNT tQ i|s next yalue in nce> ^ count 

output and the second mobile station is identified as terrai- Qce [s nQt necessaril that of a si le bin or 

nating the call and stores the second cipher output. dedmal cmmter ^ incremenls 5y x each tickf and can 

According to a third aspect of the invention, mobile-to- ^ comprise multiple radix counters and counters where more 
mobile calls begin by establishing contact between a ground than one digit is incremented at a time. The counter can also 
network and both mobile stations in a mode ciphered for i n principle be a pseudo-random sequence generator, 
each station individually using separate session keys, and although as will become clear, an advantage of the block- 
after establishing the loop delay for direct mobile-mobile count driven cipher is precisely that past or future values of 
connections, the ground network provides a common ses- ^ COUNT can easily be determined by adding or subtracting 
sion key and the loop delay parameter to permit direct a time displacement value from the current count value, 
mobile-to-mobile calls using enciphering. which is more straightforward with sequential-number count 

In another implementation of the invention, a block order and more difficult with pseudo-random count sequenc- 

counter supplies a block count value to a key generator along ing. A simple binary counter is thus the preferred arrange - 

with a session key. The key generator combines the block 4Q ment of block counter 10. 

count with a session key and outputs ciphering bits which After each block clock tick, the new count is applied to a 

are used to encipher data transmitted from a first station. The duplex cipher algorithm 11 together with a session key 

block count is also applied to an arithmetic unit together established for and known only to the stations in mutual 

with a predetermined delay count to regenerate an earlier communication. The duplex cipher algorithm 11 computes 

value of the count. The regenerated earlier count value is 45 two multi-digit outputs labelled 11a and lib. One output Ua 

applied to a key generator along with a session key to is fed to a transmitter 12, where it is used to encipher 

generate keystream bits for deciphering a data burst received transmitted traffic, by, for example, modulo-2 adding binary 

at the first station but transmitted earlier by a second station. digits of the cipher output bit-by-bit to corresponding bits of 

The reception is delayed by the propagation time of the digitized traffic information. Other means of employing 

signal from the second to the first station and is equal to the 5Q cipher bits to encipher traffic may of course be employed, 

predetermined delay value expressed to the nearest whole suc h as using the cipher bits to control an order of permu- 

number of block count periods. The predetermined delay tation of transmitted signal elements, or applying the cipher 

value is computed by a ground network that communicates bits together with traffic bits block-wise to a block- 

with both the first and the second station during initial combinatorial algorithm such as the DES algorithm, 

establishment of communications and communicates the 55 ^ other output nb from tQe duplex cipher algorilhm u 

computed delay value to both stations along with a common ^ mean while applied to a receiver 13 and is used to decipher 

session key. The first and second stations are then com- a block or 5ufSt of received traffic information by inverting 

manded to communicate autonomously with each other the encryption process. If bitwise modulo-2 addition is used 

using the session key and delay value sent from the ground for enc ip her ing, then the same is used for deciphering as 

network to affect encryption and decryption of traffic. 6Q modulo _ 2 addition is the same as its own inverse, modulo-2 

BRIEF DESCRIPTION OF THE DRAWINGS subtraction. Otherwise, if another form of addition is used 

for ciphering then the equivalent subtraction operation needs 

These and other features and advantages of the invention to be used for the deciphering operation. For example, if a 

will be readily apparent to one of ordinary skill in the art signal-element permutation is used for ciphering, then an 

from the following written description, used in conjunction ^5 inverse permutation is used for deciphering, 

with the drawings, in which: FIG. 2 illustrates only one end of a communications link 

FIG. 1 illustrates a satellite communication system; between two stations. The second station (not shown) would 
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use exactly the same arrangement except that the output 11a encipher traffic in the other direction. In a subsequent 

would be fed to the second receiver for deciphering while application of 114 clock pulses, a further 114 bits are 

the output Hb would be fed to the second transmitter for extracted from the XOR gate 23 and used to encipher traffic 

enciphering. Reversing the use of the outputs 11a and lib m a first direction or to decipher traffic in the second 



allows two way traffic to be exchanged in ciphered mode 5 direction 

only if the propagation delay is small compared with the nG 5js , he G§M yrjMA burst format showing how the 

time between block clock ticks. Therefore, the prior art . ,. t , t • « . . — ™» 

duplex cipher of FIG. 2 is not operable when propagation U f 4 keys^eambits are applied to cipher 57+57 bits of traffic 

delays between the two ends of the link are many block ^formation. The slot format (A) comprises a central, 26-bit 

periods. For example, if a first device according to FIG. 2 in f^ord ™f f f synchronization and equalizer training, 

enciphers with a block count equal to 1000, and the enci- 10 °? ea <* = Slde of the syncword, the flag bits F indicate 

phered signal propagates to a second device according to * c burst contains digitized speech Fast Associated 

FIG. 2 with a propagation time of 50 block counts, then the £^^ nw * ?T a f S half speech and half 

block counter of the second device, if synchronized to that FACCH. On either side of the flag bits he 57 data bits 

of the first device, would have moved on to the value 1050, „ ma ^ 114 b * s m total - L 0n * ! h ? se dala blt f_ are en u crv P ted 

which is incorrect for deciphering. The block counter of the 15 by XORmg them with the 114 key stream bits, which are 

second device must therefore be retarded by 50 block counts s P ht mto *™ corresponding blocks of 57 keystream bits 

so that, when the first device is enciphering with a block shown at (?>• ! ih f ends of the bu f > 4 bits are added 

count of 1000, the second device's block counter has l ? aUow , ec u hoe * « * e Propagation channel to die away, and 

attained the value 950 and is deciphering a block transmitted on tbeD a u 62 f blt P enods of ^ownramping time are 

50 counts earlier. The second device would then however be 20 a " owed > whlch also ^ as f ard time between slots to 

enciphering blocks for transmission to the first device with a low some sma11 vanall0t ' of slot tmun S between adjacent 

the same retarded block count of 950; after 50 block counts slots creatm § ^^rference. 

of propagation delay, these blocks enciphered with block The initialization step comprises clearing the registers and 

count =950 arrive at the first device after its block counter the n loading them with the session key and block count for 

has moved on from 1000 to 1050, an error of 100. It is thus the current frame. The 64-bit session key and 22-bit block 

impossible to synchronize the two ends by advancing or count are concatenated to form an 86-bit initialization 

retarding one or both of the cipher machines relative to the sequence which is applied bit serially to input 29 where the 

other, bits become XORed into the register feedback paths. To 

FIG. 3 illustrates as an exemplary duplex cipher algorithm 30 ensure that everv «ft»ter is effected by every bit, all three 

the A5 algorithm described above. Three, linear feedback registers are shifted during initialization with the 86 key+ 

shift registers 20,21,22 of respective lengths 19,22 and 23 counl bits - Thereafter, the shifting of the registers during the 

stages are clocked by clock control circuitry 2*1,246,2*:, 100 mixin S c y cles and 228 ke ystream extraction cycles 

24d to generate three output bits at a time, which are de P ends on clock control circuitry 24a,b,c > d as previously 

exclusive ORed in an XOR circuit 23 to generate a one bit 35 described. 

output per clock period. Sequential output bits obtained after In FIG. 5, the format labelled (C) is the GSM-derived 

an initialization process form the keystream for ciphering burst format adapted for satellite communications as dis- 

and deciphering. closed in U.S. patent application Ser. No. 08/501,575 which 

The clock control circuitry 24 comprises a majority vote is incorporated herein by reference, 

circuit 24a that compares register 20 bit 11, register 21 bit 40 To improve the communications efficiency in satellite 

12 and register 22 bit 13 and decides whether there are more mode, the two flag bits and four of the sync bits are removed 

binary 'l's than binary '0*s. For example, if register 20 bit and the data content of the slot is increased from 57+57 bits 

11 and register 22 bit 13 were 'l's, there are at least two 'l's to 60+60 bits. The reduced sync word length of 22 bits is 

so 'l's are in the majority and the majority vote circuit sufficient for equalizer training for the satellite channel, 

outputs a *1\ However, if zeros are in the majority, the 45 which suffers less time dispersion. The flag bits are not 

majority vote circuit 24a outputs a zero. needed to discriminate between speech and FACCH, which 

The output of the majority vote circuit 24a is compared is performed instead using the invention disclosed in U.S. 

with register 20 bit 11 in an XOR gate 24d. If the values Pat. No. 5,230,003 which is incorporated herein by reference 

match, it indicates that bit 11 of register 20 is one of the in its entirety. 

majority values and a '0' is produced from XOR gate 244 50 It can be seen that format (C) comprises 3 bits lying on 
enabling the register 20 to shift when a clock pulse is applied either side of the sync word that do not overlap with 
to a clock pulse input 28. Likewise, XOR gates 24c and 24b corresponding keystream bits from respective 57-bit key- 
determine respectively whether bit 12 from register 21 and stream blocks (B). Thus, if minimum change is made to the 
bit 13 from register 22 belong to the majority and if so, their GSM hardware that implements burst formatting and 
respective registers are enabled to shift. The effect of clock ss encryption, those 3+3 bits do not get enciphered. When 
control circuitry 24a,b,c,d is thus that at least two out of account is taken of the diagonal interleaving patterns dis- 
three of the registers, i.e. the majority of them, shift right closed in U.S. patent application Ser. No. 08/501,575 
upon applying a clock pulse to the input 28. however, the unencypted bits are isolated bits in the output 
The above -described clock control circuitry is used after sequence of an error correction encoding process, the neigh- 
initialization of the register starting states using the session 60 boring bits to which are enciphered. Since it is not possible 
key and the block count, and a number of clock pulse applied to perform error correction decoding based on one isolated 
according to FIG. 4. After initialization, 100 clock pulses are plain text coded bit when the surrounding coded bits are 
applied to displace the registers from their starting states by enciphered, there is no significant loss of security in not 
deterministic but hard to predict amounts. Then, a further ciphering the three extra data bits. It is more important 
114 clock pulses are applied, after each of which a key- 65 however that the 3+3 bits in question should be masked 
stream bit is extracted from XOR gate 23. The extracted 114 differently for signals using the same frequency in different 
bits are then used to decipher traffic in one direction or to cells or beams, the so-called co-channel interferers, as the 
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error correction coding will not act to help filter out between the network of control stations and the first station 

co-channel interference if the interference is coded identi- and separately between the network of control stations and 

cally. In FIG. 5, an extended syncword (D) comprises the the second station. Asession key from the network of control 

normal 22 sync bits, which arc also desirably different stations is sent to the first station and separately to the 

among a group of co-channel interferes, extended to 28 bits 5 second station. The propagation delays between the control 

by adding 3 bits at each end that overlap the 3+3 extra data station network and the first station are determined and the 

bits and become exclusive ORed with the extra data bits propagation delays between the control station network and 

during burst building. The 3+3 syncword extension bits are the second station are determined. The propagation delays 

also chosen deliberately to differ between co-channel inter- are Passed to determine a direct propagation delay for 

ferers so as to obtain the interference discrimination advan- 10 communication between the first and second stations with- 

f4 . t . j c iL u * out involving the control station network. The direct propa- 

tage of the error correction code for these three bits. gatfon deIay * is then ^ frQm ^ station 

It would of course be a simple modification to the A5 the first station and separately to the second station. A 

algorithm of FIG. 3 to generate 240 keystream bits for channel assignment is then sent from the control station 

ciphering and deciphering, but the arrangement of FIG. 5 network to the first station and separately to the second 

(B+C+D) is preferred when existing hardware designs for 25 station and the first station and the second station are 

are to be minimally modified to implement a satellite commanded to begin communicating with each other by 

communication mode. enciphering and deciphering signals using the session key 

FIG. 6 illustrates the changes needed to the prior art and the direct propagation delay value, 

duplex cipher machine of FIG. 2 to achieve a first imple- In another embodiment of the present invention illustrated 

mentation of the invention, with the aim of allowing duplex 20 in FIG. 8, the established propagation delays for communi- 

communication over much greater distances. An address catioD between the control station network and the first and 

generator 31 generates a write address and a read address to second mobile stations respectively are added together, 

a circular buffer memory 30. The address generator incre- the loo P propagation delay from the control network 

ments the read and write addresses each time a block clock b «* t0 control network is determined and subtracted to 

pulse is applied to increment the block counter 10. The read ™ ob }™ a K one - wa y f ™ d ! rect communication via the 

. 00 • :„„,,, trt - ta „ m ;„„<. * j a i,„ satellite between the first and second mobile stations. A 

address * equal to the wnte address minus a constant de ay assi fluting the one-way delay is sent 

value determined for each call. The addresses are computed from ^ ^ sm{oQ tQ ^ fi J mobi [ e si ^ Qn 

modulo-N, where N is the size of the circular buffer memory and atel t0 the mobile station and the first and 

in ciphering bit blocks. For example, if ciphering bit blocks mobik s(ations afe commanded t0 begin commU ni- 

contain 114 bits, as generated using the logic of FIG. 2 and cating with each other using lhe channel assignment and 

N is 64, then the size of the memory is 114x64 bits or 912 enciphering and deciphering signals using the session key 

bytes. The value N=64 sets the maximum value that the and the one . W ay propagation delay value, 

delay value can attain, and thus sets the maximum loop In a rticular implementation, the delay value used may 

propagation delay and thus loop distance between a first be f than ^ propagat i on de i ay in order to 

station communicating with a second similar station via an accQUnt fof rocessin ddays m the equipment for, for 

orbiting satellite . If the acmal delay for a particular call is e fc demodulation, interleaving, error correction 

forexample^l block counts, then ithe read address is related decodi Qr omer &[ j ^ fractions that are not 

to the wnte address by the equation instantaneously executed. 

Read Address = | Write address - 51 1« 40 i The write address after bt ;ing incremented by the block 

clock pulse is used to direct the deciphering bits output from 

= |Write address + algorithm 11 to a particular one-block area of memory, for 

example a 114-bit area. The read address on the other hand 

Therefore, the read address may equally be derived from is used to point to an area of memory from which a 

the write address by modulo-N adding the N's complement 45 deciphering bit-block stored earlier will be retrieved and 

of the delay value, in this case, 13. used for deciphering the information just received at 

The duplex cipher machine at the other end of the link in receiver 13. 
communication with the machine of FIG. 6 is assumed to be Of course other methods of delaying the use of the 
of identical function to that of FIG. 6, except that the second deciphering bits may be used, such as shift registers or first 
machine would use the keystream lib for enciphering 50 in first out registers (FIFO), but when the amount of delay 
transmissions instead of the keystream Ha, and the key- can vary and there fore the length of the shift register or FIFO 
stream 11a would be routed to the memory 30 to be used, needed is not always the same, it is more practical to use a 
after a delay for deciphering received data. The same delay random access memory (RAM) chip with suitable address- 
value may be used at both ends and is then the one-way ing logic 31. All equivalent methods of delaying the use of 
propagation delay from a first communicating device 55 deciphering bits output from a duplex cipher algorithm by a 
through the satellite relay station to the second communi- given link delay are however considered to lie within the 
cating device. Alternatively, different delays may be used as spirit and scope of this invention as described by the 
long as their sum equals the two-way propagation delay and attached claims. 

their block counters are adjusted to ensure cipher synchro- In certain circumstances where the least significant 

nization at both ends, which, because of the delay memories, 60 counter stages of the block counter 10 use the same count 

is now possible when practicing the invention. modulus as the address generator 31, then it is possible to 

The present invention described above will be further simplify the address generator 31 by using the least signifi- 

explained with reference to FIG. 7 which illustrates a cant digits of the block counter 10 directly as one address 

method of communicating cipher-protected information and forming the other address by adding or subtracting the 

between a first transmitter-receiver station and a second 65 given delay value modulo-N. 

transmitter- receiver station using a network of control sta- Such an arrangement is shown in FIG. 9. The block 

tions. Enciphered communication is first established counter 10 has been expanded to show more detail of a 
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typical block counter, such as that used in the GSM system. 
A first counter LSB stage 10a divides the block clock by 51, 
which is the repetition period of a submultiplex frame on the 
broadcast control channel, as described in the incorporated 
references. A second counter LSB stage 10b is clocked in 
parallel, and divides by the number of blocks or frames 
between Slow Associated Control Channel (SACCH) bursts. 
In GSM, the counter 10b counts 52 frames of 8 times slots, 
but in the inventive satellite adaptation described in the 
incorporated references, the counter 10b counts 26, 16-slot 
frames. Both of the counters 10a and 106 are clocked 
together and generate a carry pulse simultaneously only one 
in 51x52 pulses, which event is detected by an AND gate 
104 generating a carry pulse to increment the most signifi- 
cant counter stage 10c, a divide by 1024 circuit. The total 
period of counter 10 is in this example 51x52x1024, how- 
ever the exact counter moduli should be regarded as exem- 
plary and not limiting of the invention. For example, the 
counter moduli could equally well be 51x26x2048 or 
17xl3x 12288 and achieve the same repetition period. The 
counter structure is preferably chosen to accord with slot, 
frame and superframe timing and multiplex structures and 
then its use as a cipher timebase has the advantage that, once 
synchronization has been obtained with the signal structure 
in general, cipher synchronization is also obtained without a 
further sync procedure. 

In FIG. 9, the least significant counter \0b is also supplied 
as the read address to the buffer memory 30. The write 
address is generated by adding the one-way propagation 
delay value to the read address in a modulo-52 adder 32. The 
22-bit block count is applied to a duplex cipher algorithm 11 
along with the session key. Enciphering and deciphering bits 
are generated in the cipher algorithm as a function of the key 
and the block count. The ciphering bits are used almost 
immediately to encipher a transmitted information block. 
The deciphering bits are however stored in memory at a 
location given by the write address from adder 32, that 
location being ahead (in a circular fashion) of the address 
from which earlier- written deciphering bits are being read 
with the aid of the read address. The write address points to 
a free location containing deciphering bits that were read 
and used for deciphering some time ago, which may now be 
overwritten by the new output from the cipher algorithm 11. 
This new output will be concurrently used for enciphering in 
a second, similar apparatus with which a duplex communi- 
cations link is established, but the enciphered bits will not be 
received at the first apparatus until after they have propa- 
gated over the intervening distance from the second 
apparatus, through a satellite relay station to the first 
apparatus, a distance which can be as much as 80000 Km in 
the case of a geostationary satellite. At the speed of light, this 
represents a delay of 266.6 mS, or 57.8 GSM TDMA frame 
periods, or 28.9 16-slot frame periods such as disclosed to be 
useful for satellite communication in U.S. patent application 
Ser. No. 08/501,575. This patent application is incorporated 
herein by reference in its entirety. 

Thus since the mobile-to-mobile delay through the satel- 
lite when using 16-slot TDMA formats is less than 52 
frames, a circular buffer memory 30 having 52 locations 
each capable of storing one frame's worth of deciphering 
bits (e.g. 114) is adequate to encompass the expected range 
of propagation delays. 

The size of the buffer memory needed for the implemen- 
tations of FIGS. 6 and 9 is equal to the propagation delay 
multiplied by the number of ciphering bits per second to be 
delayed. The number of ciphering bits per second is at least 
equal to the information rate of the communications link and 
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may be greater than the information rate corresponding to 
the redundancy added by convolutional coding. For high 
information rates, the memory size increases. If the memory 
size becomes excessive, the alternative implementation of 
FIG. 10, which eliminates the buffer memory, may be used. 
In FIG. 10, a first copy of cipher algorithm 11 is executed to 
combine the session key with the unmodified output of the 
block counter 10 to produce enciphering and deciphering 
outputs 11a and Hb, At one end of the duplex communi- 
cation link, a first transmitter receiver 12,13 uses output 11a 
of the first copy of the cipher algorithm for ciphering 
transmissions. At the other end of the duplex communica- 
tions link an identical apparatus to FIG. 10 is used to provide 
enciphering and deciphering bits to a second transmitter 
receiver 12,13 shown in dotted lines in FIG. 10. The first 
copy of the cipher algorithm supplies its output lib to the 
second transmitter receiver for enciphering transmissions. 

The modulo-n adder 32 adds a delay offset value to the 
output of the counter 10 to produce a modified count. The 
modified count is provided to a second copy of the cipher 
algorithm 11 (which may be a second execution of the same 
piece of hardware, thus justifying the common labelling of 
both in FIG. 10). The second copy or execution of the cipher 
algorithm U combines the modified count from the adder 32 
with the session key to obtain deciphering bits lib for use 
by the first receiver 13. Since the receiver receives a delayed 
signal, the delay offset added in the adder 32 corresponds to 
a negative value, that is the n*s complement of the positive 
delay value. Alternatively, The modified count representing 
an incremented block counter value can be used for gener- 
ating enciphering bits lib in the first transceiver 12,13 while 
the unmodified counter output is used to generate decipher- 
ing bits 11a. A second transceiver 12,13 shown in dotted 
lines in FIG. 10 is connected in a similar arrangement to 
FIG. 10 but uses the output lib of the first execution of the 
cipher algorithm 11 for enciphering (if output 11a is used for 
enciphering in the reverse direction) and output 11a of the 
second execution of the cipher algorithm 11 is used for 
deciphering at the second transceiver (assuming output 11a 
of the second execution of the cipher algorithm is used for 
deciphering in the other transceiver.) Alternatively, output 
11a of the second execution of the cipher algorithm 11 is 
used for enciphering in the second transceiver if output lib 
of the second execution of cipher algorithm 11 is used for 
enciphering in the first transceiver. 

The modulus 'n' of the adder 32 must correspond to the 
full count period of the counter 10. For the counter structure 
illustrated in FIG. 9 comprising subcounters 10a, 10b, 10c, 
the adder for the implementation of FIG. 10 is not so simple 
as the modulo-52 adder illustrated in FIG. 9. In FIG. 9, a 
modified count corresponding to an earlier count did not 
need to be generated, as the cipher bits corresponding to the 
earlier count stored in the buffer memory 30. To avoid the 
need for the buffer memory 30 by a second execution of the 
cipher algorithm using the earlier count however, the full 
earlier count must be made available, and this involves 
modifying all of the subcounters 10a, 10b and 10c 

For example, suppose that the counter 10b currently 
contains a count of 47 and the counter 10a contains a count 
of 15, and that it is desired to reproduce the count value 39 
blocks ago. Subtracting 39 from the counter 10b does not 
produce an underflow and so we know that the counter 10b 
did not produce a carry between the earlier count and the 
current count. The earlier value of the sub-counter 10a was 
15-39= -24 which is +27 in modulo-51 counting. The nega- 
tive sign of the -24 indicates underflow, namely that 
between the earlier count and the current count a carry was 
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generated. If this carry had been generated at the same time transceiver 12,13 the second execution of the cipher algo- 
as one on the subcounter 106, it would indicate that the rithm 11 may terminate after producing only output bits 11a. 
counter 10c also incremented between the earlier and current It is necessary for the value of "DELAY" shown being fed 
count and would therefore have to be decremented to to the adder 32 of FIGS. 6, 9 or 10 to be established for a 
produce the earlier count. This situation arises only when the 5 direct mobile-to-mobile link at call set-up. Call set-up is the 
subcounters 10a and 106 are currently equal and less than name for the procedures enacted in a telephone communi- 
the delay value to be subtracted, and thus testing the cations network when one subscriber picks up the phone and 
subcounters 10a,106 for equality, prior to subtracting the dials the number of another subscriber. In a mobile tele- 
delay offset modulo 51 and modulo-52 respectively, inch- phone network, an important sub-procedure is to identify the 
cates whether the counter 10c must be decremented to 1Q caifog subscriber so that he can be billed for the charges 
produce a valid earlier count. Alternatively, if an incre- incurred during the call. This procedure is simple in a 
mented count is used for enciphering so that the current wireline network as the subscriber is uniquely identified 
count represents an earlier enciphered block count to be used w j t h the pair of copper wires leading to his home, for 
in deciphering, then the subcounters 10a, 106 must be example. In a mobile communications system however, 
incremented by the same delay offset in respective modulo- 15 different subscribers may come within range of and be 
51 and modulo-52 adders, and then tested for equality after connected to the same wireless base station, and can thus no 
incrementing to determine if a simultaneous carry was longer be discriminated by where their signals are detected 
produced necessitating adding one to the subcounter 10c to m t ne network. They must instead be identified for billing 
produce a valid enciphering counter value. purposes by exchange of electronic identification signals. 

Yet another alternative is to use the circular buffer 20 Other references incorporated above disclose authentication 

memory 30 of FIG. 9 to store earlier block counts instead of procedures designed to prevent fraud in this identification 

earlier cipher algorithm output bits, where the block count process. As a by-product of authentication, a temporary 

comprises fewer bits, as shown in FIG. 11. "session key" may be produced for enciphering and deci- 

The buffer memory 30 in FIG. 11 only needs to store the phering the call, at least over the wireless leg of the signal 
earlier counts of the subcounters 106 and 10c, a total of 16 2 5 routing which is more readily intercepted by any eavesdrop - 
bits, as the count of the subcounter 10a is implicit in the per equipped with a suitable radio receiver, 
memory address. The current 16-bit value of the counters in U.S. patent application Ser. No. 08/681,916 which was 
106, 10c is written to an address in the 51 -word buffer incorporated herein above, it was disclosed how, at call 
memory 30 that is in advance of the current read address set-up, the satellite/cellular network may also determine if a 
given by the counter 10a, the advance being equal to the 30 particular call is between two subscribers that are both 
delay offset added in the modulo -51 adder 32. The value reachable only by the satellite, and then proceed to establish 
written overwrites a previously re-read and used value no a common ciphering key before allocating them a direct 
longer needed. When the written value is re-read later, the mobile -to-mobile satellite transponder channel. The network 
read address will have advanced by the delay value and thus is first contacted by the calling subscriber dialing the call, 
needs to be decremented to reproduce the earlier value of the 35 then the network in turn contacts the called subscriber and 
counter 10a. This may be carried out by re-using adder 32 establishes separately enciphered links with both. It is 
a second time, but presenting the 51's complement of the straightforward for the network, during this call set-up 
delay to be added to the current read pointer, thus effectively phase, to establish the loop delay to each mobile 
subtracting the delay to reproduce the earlier value of the independently, which will include as a common part the 
counter 10a. Alternatively, the unmodified value of the 40 distance between the satellite and the network station. This 
counter 10a may be used as the write address instead of the distance may be accurately established by any number of 
read address. Thus, the address from which a 16-bit value of means such as using a satellite tracking station to accurately 
the counters 106, 10c will later be re-read is the correspond- track the satellite, determine its orbital parameters, and 
ing value of the counter 10a to use. The current read address compute its instantaneous position. The known distance 
would then be generated by adding the 51's complement of 45 from ground station to satellite is then subtracted from the 
the delay value to counter lOa's value in the modulo-51 bop delays to the first and second mobile before adding 
adder 32. The current read address together with the 16-bit them to obtain the mobile-to-mobile delay. The satellite 
re-read value would then form the delayed 22-bit counter transponder for mobile-to-mobile communications prefer- 
value to use in a second execution of the duplex cipher ably includes a buffer and reformatter (when uplink and 
algorithm 11 for deciphering purposes, the current states of 50 downlink signal formats are different) U.S. patent applica- 
ble counters 10a, 106, 10c being used in a first execution of tion Ser. Nos. 08/681,916 and 08/581,110. The buffer has the 
the cipher algorithm 11 for enciphering purposes. effect of introducing a small extra delay in the satellite 

Thus, the size of the buffer memory 30 may be minimized transponder such that the total propagation delay can be 

rather than being totally eliminated by using a hybrid of the expressed as an integral number of TDMA, frame periods, 

implementations of FIGS. 9 and 10 as described above, as a 55 the buffer in effect taking up the fractional-frame delay, 

trade off between memory size, complexity of modulo According to the current invention, the ground network 

addition operations and single versus double execution of determines this integral number of frame delay from mobile- 

the cipher algorithm 11. to-mobile and then communicates it along with the common 

It is also pointed out that a full double-execution of the session key and a mobile-to-mobile transponder channel 
cipher algorithm is not required at any one end of the duplex 60 allocation to the mobiles, thus allowing the mobiles to 
communications link. If for example the first execution of switch from communicating with the ground network to 
the cipher algorithm 11 produces output bits 11a first for the directly communicating in enciphered mode with the aid of 
first transceiver 12,13 in FIG. 10, it need not continue to the current invention. By so informing the mobiles directly 
produce output bits 116. On the other hand, the second of the loop delay that they will experience, they avoid a 
execution of the cipher algorithm 11 must produce output 65 hiatus in communicating between them while a sync algo- 
bits Ha as a stepping stone to obtaining the output bits 116 rithm searches for the correct delay value to use to synchro- 
used by the first transceiver. Conversely, for the second nize ciphering and deciphering at both ends. While this is a 
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desirable aspect of the preferred implementation, other 
means of establishing the loop delay could be used, for 
example by requiring the mobiles to begin direct commu- 
nication with each other by transmitting their frame counter 
values in an unenciphered mode as illustrated in FIG. 12. 5 
Each mobile then subtracts the counter value contained in a 
received burst from its current counter value to determine 
the delay it would add to its own counter in the adder 32 for 
synchronizing deciphering with the other mobile's cipher- 
ing. The latter method does not assume that both mobiles 10 
will use the same delay value exactly, and can tolerate any 
counter misalignment providing that the implementation of 
FIG. 10 is used. Both methods and any other method of 
establishing the loop delay value to the necessary accuracy 
of one block period that may be devised by persons skilled is 
in the art are considered to lie within the spirit and scope of 
this invention. 

It will be appreciated by those skilled in the art that the 
present invention can be embodied in other specific forms 
without departing from the spirit or essential character 20 
thereof. The presently disclosed embodiments are therefore 
considered in all respects to be illustrative and not restric- 
tive. The scope of the invention is indicated by the appended 
claims rather than the foregoing description, and all changes 
which come within the meaning and range of equivalents 25 
thereof are intended to be embraced therein. 

I claim: 

1. A method of communicating cipher-protected informa- 
tion between a first transmitter-receiver station and a second 
transmitter-receiver station using a network of control 30 
stations, comprising the steps of: 

establishing enciphered communication between said net- 
work of control stations and said first station and 
separately between said network of control stations and 
said second station; 

communicating a session key from said network of con- 
trol stations to said first station and separately to said 
second station; 

establishing propagation delays between said control sta- 4Q 
tion network and said first station and separately 
between said control station network and said second 
station; 

processing said propagation delays to determine a direct 
propagation delay for communication between said 45 
first and second stations without involving said control 
station network and communicating said direct propa- 
gation delay from said control station network to said 
first station and separately to said second station; and 

communicating a channel assignment from said control 50 
station network to said first station and separately to 
said second station and commanding said first station 
and said second station to begin communicating with 
each other by enciphering and deciphering signals 
using said session key and said direct propagation delay 55 
value. 

2. The method according to claim 1, wherein said delay 
value is greater than the pure propagation delay in order to 
account for processing delays. 

3. A communications system for communicating cipher- 60 
protected information between a first transmitter-receiver 
station and a second transmitter- receiver station using a 
network of control stations, comprising: 

means for establishing enciphered communication 
between said network of control stations and said first 65 
station and separately between said network of control 
stations and said second station; 
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means for communicating a session key from said net- 
work of control stations to said first station and sepa- 
rately to said second station; 

means for establishing propagation delays between said 
control station network and said first station and sepa- 
rately between said control station network and said 
second station; 

means for processing said propagation delays to deter- 
mine a direct propagation delay for communication 
between said first and second stations without involv- 
ing said control station network and communicating 
said direct propagation delay from said control station 
network to said first station and separately to said 
second station; and 

means for communicating a channel assignment from said 
control station network to said first station and sepa- 
rately to said second station and commanding said first 
station and said second station to begin communicating 
with each other by enciphering and deciphering signals 
using said session key and said direct propagation delay 
value. 

4. The communications system according to claim 1, 
wherein said delay value is greater than the pure propagation 
delay in order to account for processing delays. 

5. A means of ciphering and deciphering signals trans- 
mitted between a first and a second station when signal 
propagation delay between said first and second stations is 
large compared with the duration of a ciphered information 
block, comprising, at each of said first and second stations, 
comprising: 

block counter means for counting information blocks 
transmitted or received and producing a multi-digit 
block count value; 

cipher algorithm execution means for generating a block 
of ciphering bits and a block of deciphering bits as a 
function of a multi-digit session key and said multi- 
digit block count value, the ciphering bits for said first 
station being the deciphering bits for said second 
station and vice-versa; 

enciphering means for using a block of said ciphering bits 
to encipher a corresponding block of information bits 
for transmission; 

circular buffer memory means for storing said deciphering 
bit blocks in a first memory location and retrieving 
previously stored deciphering bit blocks from a second 
memory location; and 

deciphering means for deciphering received signals using 
deciphering bit blocks retrieved from said circular 
buffer memory in order to reproduce blocks of infor- 
mation bits. 

6. The apparatus according to claim 5, wherein said 
memory locations are incremented modulo the total number 
of memory locations each time said block counter is incre- 
mented. 

7. The apparatus according to claim 5, wherein the 
difference between said first and second memory locations 
corresponds to the propagation delay between said first 
station and said second station measured in units of the time 
between successive information block transmissions. 

8. The apparatus according to claim 5, wherein said first 
memory location is determined by at least some digits of 
said block counter including the least significant digits. 

9. The apparatus according to claim 5, wherein said 
second memory location is formed from at least some digits 
of said block counter including the least significant digits. 

10. The apparatus according to claim 8, wherein said 
second memory location is formed by modulo-addition of an 
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offset representative of said propagation delay to said first 
memory location, 

11. The apparatus according to claim 9, wherein said first 
memory location is formed by modulo-addition of an offset 
representative of said propagation delay to said second 5 
memory location. 

12. A means of ciphering and deciphering signals trans- 
mitted between a first and a second station when signal 
propagation delay between said first and second stations is 
large compared with the duration of a ciphered information 10 
block, comprising, at each of said first and second stations, 
comprising: 

block counter means for counting information blocks 
transmitted or received and producing a multi-digit 
block count value; 15 

cipher algorithm execution means for generating a block 
of ciphering bits as a function of a multi-digit session 
key and said multi-digit block count value; 

enciphering means for using a block of said ciphering bits 2Q 
to encipher a corresponding block of information bits 
for transmission; 

modifying means for modifying said block count value 
using an offset representative of said propagation delay 
to produce an offset block count; 2 5 

deciphering algorithm execution means for generating a 
block of deciphering bits as a function of said multi- 
digit session key and said offset block count; and 

deciphering means for deciphering received signals using 
said deciphering bit blocks to reproduce blocks of 30 
information bits. 

13. An apparatus for ciphering and deciphering signals 
transmitted between a first and a second station when signal 
propagation delay between said first and second stations is 
large compared with the duration of a ciphered information 35 
block, comprising, at each of said first and second stations: 

block counter means for counting information blocks 
transmitted or received and producing a multi-digit 
block count value; 

cipher algorithm execution means for generating a block 40 
of ciphering bits and a block of deciphering bits as a 
function of a multi-digit session key and said multi- 
digit block count value, the ciphering bits for said first 
station being the deciphering bits for said second 
station and vice-versa; 

enciphering means for using a block of said ciphering bits 
to encipher a corresponding block of information bits 
for transmission; 

memory means for storing current values of said block 50 
counter and retrieving previously stored block counter 
values; 

deciphering algorithm execution means for generating a 
block of deciphering bits as a function of said multi- 
digit session key and said retrieved block count values; 55 
and 

deciphering means for deciphering received signals using 
said deciphering bit blocks to reproduce blocks of 
information bits. 

14. In a satellite communications system for providing 60 
communications services between mobile subscribers hav- 
ing mobile telephone stations and subscribers of the public 
switched telecommunications network via a network of 
control stations, a method of facilitating direct, one-hop, 
enciphered communications between a first mobile station 65 
and a second mobile station through a satellite relay station, 
comprising the steps of: 
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establishing enciphered communication between said net- 
work of control stations and said first mobile station via 
said satellite relay station and separately between said 
network of control stations and said second mobile 
station via said same satellite relay station; 

communicating a session key from said network of con- 
trol stations to said first mobile station and separately to 
said second mobile station via said satellite relay sta- 
tion; 

establishing respective propagation delays between said 
network of control stations and said first and second 
mobile stations via said satellite relay station and 
separately the loop propagation delay from said control 
station network via said satellite relay station and back 
again; 

adding said established propagation delays for commu- 
nication between said control station network and said 
first and second mobile stations respectively and sub- 
tracting said loop propagation delay to obtain the 
one-way delay for direct communication via said sat- 
ellite between said first and second mobile stations; and 
communicating a channel assignment including said one- 
way delay from said control station network to said first 
mobile station and separately to said second mobile 
station and commanding said first and second mobile 
stations to begin communicating with each other using 
said channel assignment and enciphering and decipher- 
ing signals using said session key and said one-way 
propagation delay value. 
15. A satellite communications system for providing 
communications services between mobile subscribers hav- 
ing mobile telephone stations and subscribers of the public 
switched telecommunications network via a network of 
control stations, which provides direct, one-hop, enciphered 
communications between a first mobile station and a second 
mobile station through a satellite relay station, comprising: 
means for establishing enciphered communication 
between said network of control stations and said first 
mobile station via said satellite relay station and sepa- 
rately between said network of control stations and said 
second mobile station via said same satellite relay 
station; 

means for communicating a session key from said net- 
work of control stations to said first mobile station and 
separately to said second mobile station via said satel- 
lite relay station; 

means for establishing respective propagation delays 
between said network of control stations and said first 
and second mobile stations via said satellite relay 
station and separately the loop propagation delay from 
said control station network via said satellite relay 
station and back again; 

means for adding said established propagation delays for 
communication between said control station network 
and said first and second mobile stations respectively 
and subtracting said loop propagation delay to obtain 
the one-way delay for direct communication via said 
satellite between said first and second mobile stations; 
and 

means for communicating a channel assignment including 
said one-way delay from said control station network to 
said first mobile station and separately to said second 
mobile station and commanding said first and second 
mobile stations to begin communicating with each 
other using said channel assignment and enciphering 
and deciphering signals using said session key and said 
one-way propagation delay value. 
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16. A method of establishing enciphered communication 
between a first transmitter-receiver station and a second 
transmitter-receiver station using a network of control 
stations, comprising the steps of: 

establishing enciphered communication between said net- 5 
work of control stations and said first station and 
separately between said network of control stations and 
said second station; 

communicating a channel assignment including a session 
key from said network of control stations to said first 
station and separately to said second station; 

using said channel assignment to communicate between 
said first and second stations to exchange in an unen- 
crypted mode block counter values used for encipher- 
ing signals transmitted by respective stations; 

using the block counter value received at said first station 
from said second station to reset a block counter used 
for deciphering signal blocks received at said first 
station and using the block counter value received from 
said first station at said second station to reset a counter 
used for deciphering signal blocks received at said 
second station; and 

deciphering signal blocks received at respective stations 
using respective deciphering counter values and said 25 
session key and enciphering information blocks at 
respective stations using said session key together with 
respective enciphering counter values, incrementing 
said enciphering and deciphering block counters after 
each information block for transmission is enciphered 30 
or each received signal block is deciphered respec- 
tively. 

17. A communications system for establishing enciphered 
communication between a first transmitter-receiver station 
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and a second transmitter- receiver station using a network of 
control stations, comprising: 

means for establishing enciphered communication 
between said network of control stations and said first 
station and separately between said network of control 
stations and said second station; 

means for communicating a channel assignment including 
a session key from said network of control stations to 
said first station and separately to said second station; 

means for using said channel assignment to communicate 
between said first and second stations to exchange in an 
unencrypted mode block counter values used for enci- 
phering signals transmitted by respective stations; 

means for using the block counter value received at said 
first station from said second station to reset a block 
counter used for deciphering signal blocks received at 
said first station and using the block counter value 
received from said first station at said second station to 
reset a counter used for deciphering signal blocks 
received at said second station; and 

means for deciphering signal blocks received at respective 
stations using respective deciphering counter values 
and said session key and enciphering information 
blocks at respective stations using said session key 
together with respective enciphering counter values, 
incrementing said enciphering and deciphering block 
counters after each information block for transmission 
is enciphered or each received signal block is deci- 
phered respectively. 
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